Traceable Security-by-Design Decisions for Cyber-Physical Systems (CPSs) by Means of Function-Based Diagrams and Security Libraries

“Security by design” is the term for shifting cybersecurity considerations from a system’s end users to its engineers. To reduce the end users’ workload for addressing security during the systems operation phase, security decisions need to be made during engineering, and in a way that is traceable f...

Bibliographic Details
Main Authors: Fluchs, Sarah, Taştan, Emre, Trumpf, Tobias, Horch, Alexander, Drath, Rainer, Fay, Alexander
Format: Online Article Text
Language: English
Published: MDPI 2023
Subjects:
Online Access: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC10301087/
https://www.ncbi.nlm.nih.gov/pubmed/37420712
http://dx.doi.org/10.3390/s23125547
Description: “Security by design” is the term for shifting cybersecurity considerations from a system’s end users to its engineers. To reduce the end users’ workload for addressing security during the systems operation phase, security decisions need to be made during engineering, and in a way that is traceable for third parties. However, engineers of cyber-physical systems (CPSs) or, more specifically, industrial control systems (ICSs) typically neither have the security expertise nor time for security engineering. The security-by-design decisions method presented in this work aims to enable them to identify, make, and substantiate security decisions autonomously. Core features of the method are a set of function-based diagrams as well as libraries of typical functions and their security parameters. The method, implemented as a software demonstrator, is validated in a case study with the specialist for safety-related automation solutions HIMA, and the results show that the method enables engineers to identify and make security decisions they may not have made (consciously) otherwise, and quickly and with little security expertise. The method is also well suited to make security-decision-making knowledge available to less experienced engineers. This means that with the security-by-design decisions method, more people can contribute to a CPS’s security by design in less time.
Published in: Sensors (Basel), Article. MDPI, 2023-06-13.
© 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).